Coding for Security: Trust nothing from the user. Code every form as if you know a hacker is coming at it. Also safeguard against URL submissions. Remember the GET method. If someone views source on your form, they will see all the variables that will be passed. Even if you are using POST, they can mess with the URL and try submitting malicious code that way.

Using these functions is much more secure than mysql, and they benchmark better for more in-depth queries. But a major reason to use them is that you can do more object-oriented programming (OOP), and you can release the arrays formed from memory at the end of the function.

You will notice there is no more mysql_select_db(). The db is in the mysqli_connect() function. This, it seems, was a security hole. If you did not specify a db, it would open a connection to a default. BAD times.

Now I also learned a nifty little trick. We all know not to accept data from a user as being clean. We have to check it. So you probably use

So if you build your scripts so they all use integers, and set it up so no integer should ever be "0", then you could detect when and who is messing with the URLs easily using sessions and some predefined variables.
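One way to apply the zero-sentinel idea above, as an added example that is not the original author's code: it assumes strict validation with PHP's filter_var() rather than whatever cast the missing snippet used, and the helper names clean_id() and tamper_record() plus all sample values are hypothetical.

```php
<?php
// Added example; helper names and sample values are hypothetical/constructed.

// Return the ID as an int >= 1, or 0 (the "never valid" sentinel) when the
// value is missing, an array, or anything other than a plain integer.
// A bare (int) cast would turn "42abc" into 42 and hide the tampering.
function clean_id(array $input, string $key): int
{
    $id = filter_var($input[$key] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    return $id === false ? 0 : $id;
}

// Build one log line saying who sent the bad value and where.
function tamper_record(string $key, array $server, string $sessionId): string
{
    return json_encode([
        'event'   => 'invalid_id',
        'param'   => $key,
        // Log a hash so a leaked log does not expose a usable session ID.
        'session' => substr(hash('sha256', $sessionId), 0, 16),
        'ip'      => $server['REMOTE_ADDR'] ?? 'unknown',
        'uri'     => substr($server['REQUEST_URI'] ?? '', 0, 200),
    ], JSON_INVALID_UTF8_SUBSTITUTE);
}

// Constructed stand-ins for $_SERVER, session_id() and $_GET.
$server    = ['REMOTE_ADDR' => '203.0.113.7', 'REQUEST_URI' => '/item.php?id=42abc'];
$sessionId = 'constructed-session-id';
$requests  = [['id' => '42'], ['id' => '42abc'], ['id' => '0'],
              ['id' => '-1'], ['id' => ['42']], []];

foreach ($requests as $get) {
    $id = clean_id($get, 'id');
    if ($id === 0) {
        error_log(tamper_record('id', $server, $sessionId)); // record and reject
        echo "rejected\n";
        continue;
    }
    echo "accepted id=$id\n";
}
```

In a real script pass $_GET, $_SERVER and session_id(), and still send the validated ID to the database through a mysqli prepared statement rather than string concatenation.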

The naming convention is one '_' for every '/' in the directory path to get to your file.

So /home/docs/public_html/project/classes/myclass.php could be

PHP:

class classes_myclass{
/*
class code here
*/
}

$_SERVER['DOCUMENT_ROOT'] should fill in /home/docs/public_html/project. What __autoload does is this: if an attempt to call the class fails, it will hit the function I gave and try one last time to open and use the file needed. This allows you to only call files as needed. You can then add a bit more abstraction to your classes.

I have yet to get this to work within a class though or work with a class method that creates a new object.